Data collection

The cybercrime dataset built from the source up

Flare combines automation, AI-driven collection, and specialized research expertise to deliver industry-leading visibility into cybercrime ecosystems. Nearly a decade of proprietary data, updated in near real time.
Flare · Collection engine
Ingesting
Source
Records
Indexed
telegram_ch_1284901
+14,293 records
00:02s
stealer_log_batch_88
+847 entries
00:06s
forum_raidforums_arch
+23,891 posts
00:11s
github_leaked_keys_09
+124 secrets
00:14s
ransomware_lksite_new
+38 files
00:19s
25B+
Leaked credentials
127k+
Telegram channels
390+
Cybercrime forums
10M+
IOCs
50+
Ransom leak sites
Intelligence coverage

Sources across the criminal underground

Flare's collection spans the full spectrum of cybercrime infrastructure, from Telegram channels to access broker forums, backed by nearly a decade of continuously archived data.
01 · Telegram

Telegram channels
127,000+

Ongoing collection across cybercrime channels delivers coverage relied on by law enforcement and security teams worldwide.
02 · Forums

Dark web forums and markets
2017

An archive of dark web forums and markets dating back to 2017. Ongoing monitoring creates a rich proprietary dataset for tracking threat actor activity.
03 · Stealer logs

Stealer logs
92%

Ingest and normalization of stealer logs at scale, capturing more than 92% of the ecosystem based on historical data, updated in near real time.
04 · Ransomware

Ransomware leak sites

Newly exposed ransomware breach files are indexed as they appear, building a searchable database by file name and metadata for unmatched visibility.
05 · Clear web

GitHub and clear web

Continuous monitoring of 50+ paste sites, thousands of public GitHub repositories, and dozens of clear web sources to identify exposed code, credentials, and sensitive data.
06 · Access brokers

Access brokers and markets

IAB listings, underground forum posts, and combolist distributions are continuously monitored, surfacing access sales before threat actors act on them.
From collection to platform

Every source flows into a single dataset.

Flare ingests from 127k+ Telegram channels, hundreds of dark web forums, stealer log ecosystems, ransomware leak sites, and clear web sources. All of it continuously classified, deduplicated, and made searchable.
01

Collection in near real time

New data is indexed within minutes of appearing on criminal markets.
02

One decade of archive depth

Historical data back to 2017 lets analysts pivot on threat actors over time.
03

Proprietary, not aggregated

No third-party resellers. Flare builds and maintains its own collection systems.
Flare data pipeline: intelligence is collected from source-layer feeds, classified into Telegram, dark web, stealer logs, ransomware and clear web, then processed, enriched and ingested into the Flare platform. SOURCE LAYER CLASSIFICATION PROCESSING ENRICHMENT PLATFORM TELEGRAM DARK WEB STEALER LOGS RANSOMWARE CLEAR WEB INGESTING
Find what matters

Turn massive data into actionable intelligence

Pivot across billions of data points in seconds with Flare's global search. Customize queries with RegEx, Lucene syntax, or Flare identifiers to continuously track exposures tied to your organization.
Try Global Search Free
01

Domains

Monitor brand domains, subdomains, and look-alike registrations across all indexed sources.
02

Keywords and phrases

Custom terms, product names, internal identifiers, and employee data tracked continuously.
03

Passwords

Track credential exposure across combolists, stealer logs, and dark web paste sites.
04

IP addresses

Watch for infrastructure exposure and pivot from IP to related threat actor activity.
05

Complex queries

Full RegEx, Lucene syntax, and Flare identifiers for advanced analyst workflows and continuous monitoring.
Early warning system

Proven intelligence to outpace threats

Flare's deep coverage gives analysts a head start on major risks before they become incidents.
01

The world's most intuitive dark web dataset

02

Flare detection

03

Early alert

04

Prevention

Case study · 2024 National Public Data Breach
Flare's Telegram monitoring captured threat actor chatter around the 2024 National Public Data Breach — 2.9B records — before the incident was publicly disclosed, giving defenders a critical early warning window.
Source · Flare Research · 2024
Dark web intelligence

Untangle the cybercrime web with Flare

Pivot through a safe, structured database of dark web forums, markets, and Telegram channels in a single interface — without exposing your team to criminal infrastructure.
Start a Free Trial
01 · Dataset

The world's most intuitive dark web dataset

Easily pivot through Flare's safe and structured database of dark web forums, markets, and Telegram in a single interface without risk.
02 · Profiles

Detailed profiles that reveal associations

Automated threat actor profiling provides rich details including time zones, post history, affiliated actors, and cross-source activity.
03 · Sourcing

Transparent sourcing

Build cases and investigations with confidence by knowing exactly where and when every data point was sourced and archived.
04 · Collaboration

Effective collaboration

Share any event in the platform via a unique URL, streamlining collaboration between analysts and teams.
Start free

Stand up Flare in 30 minutes.

No credit card. No procurement cycle. Drop in a domain and watch the first stealer-log alerts arrive within the hour.